System.Security.Cryptography.Pkcs dependency has severe vulnerability #1236
Comments
|
I have merged #1183 just now. |
|
Btw, I see your download number is lower than NPOI.mapper? Do you know any reason? I did compared these 2 libraries and I see your updates are more frequent and solid than NPOI.mapper. But it's weird that there is no effect on increasing the download number.
|
|
@tonyqus I have no idea. On top of that, Npoi.Mapper seems to be heavily inspired by ExcelMapper (started about a year later, some identical class and property names etc). I'll expand the description of the NuGet package, perhaps that'll help. |
|
Perhaps you can write a post about ExcelMapper on medium.com. Then I help promote this post to the community |
|
I notice that the download number gap between NPOI.Mapper and ExcelMapper is somewhat expanding in the last 6 month. |
|
It's strange as ExcelMapper has more stars, more users. and more interaction in general on GitHub. NuGet downloads for Npoi.Mapper have been higher from the beginning. Perhaps the NPOI prefix in the package name draws people? |
|
Also I think the linear scale on nugettrends is misleading. Currently, Npoi.Mapper has about 4/3 downloads but the ratio was higher in the past. If you set the scale to 6 years you can see that Npoi.Mapper had about 5000 downloads on December 17, 2017, when ExcelMapper had about 800. |
System.Security.Cryptography.Pkcs which is an indirect dependency via System.Security.Cryptography.Xml has a vulnerability. Please update the NuGet package. More details at mganss/ExcelMapper#288.
The text was updated successfully, but these errors were encountered: